Apple Platform Deployment
- Welcome
- Intro to Apple platform deployment
- What’s new
-
-
- Declarative app configuration
- Authentication credentials and identity asset declaration
- Background task management declarative
- Calendar declarative configuration
- Certificates declarative configuration
- Contacts declarative configuration
- Exchange declarative configuration
- Google Accounts declarative configuration
- LDAP declarative configuration
- Legacy interactive profile declarative configuration
- Legacy profile declarative configuration
- Mail declarative configuration
- Math and Calculator app declarative configuration
- Passcode declarative configuration
- Passkey Attestation declarative configuration
- Safari extensions management declarative configuration
- Screen Sharing declarative configuration
- Service configuration files declarative configuration
- Software Update declarative configuration
- Software Update settings declarative configuration
- Storage management declarative configuration
- Subscribed Calendars declarative configuration
-
- Accessibility payload settings
- Active Directory Certificate payload settings
- AirPlay payload settings
- AirPlay Security payload settings
- AirPrint payload settings
- App Lock payload settings
- Associated Domains payload settings
- Automated Certificate Management Environment (ACME) payload settings
- Autonomous Single App Mode payload settings
- Calendar payload settings
- Cellular payload settings
- Cellular Private Network payload settings
- Certificate Preference payload settings
- Certificate Revocation payload settings
- Certificate Transparency payload settings
- Certificates payload settings
- Conference Room Display payload settings
- Contacts payload settings
- Content Caching payload settings
- Directory Service payload settings
- DNS Proxy payload settings
- DNS Settings payload settings
- Dock payload settings
- Domains payload settings
- Energy Saver payload settings
- Exchange ActiveSync (EAS) payload settings
- Exchange Web Services (EWS) payload settings
- Extensible Single Sign-on payload settings
- Extensible Single Sign-on Kerberos payload settings
- Extensions payload settings
- FileVault payload settings
- Finder payload settings
- Firewall payload settings
- Fonts payload settings
- Global HTTP Proxy payload settings
- Google Accounts payload settings
- Home Screen Layout payload settings
- Identification payload settings
- Identity Preference payload settings
- Kernel Extension Policy payload settings
- LDAP payload settings
- Lights Out Management payload settings
- Lock Screen Message payload settings
- Login Window payload settings
- Managed Login Items payload settings
- Mail payload settings
- Network Usage Rules payload settings
- Notifications payload settings
- Parental Controls payload settings
- Passcode payload settings
- Printing payload settings
- Privacy Preferences Policy Control payload settings
- Relay payload settings
- SCEP payload settings
- Security payload settings
- Setup Assistant payload settings
- Single Sign-on payload settings
- Smart Card payload settings
- Subscribed Calendars payload settings
- System Extensions payload settings
- System Migration payload settings
- Time Machine payload settings
- TV Remote payload settings
- Web Clips payload settings
- Web Content Filter payload settings
- Xsan payload settings
-
- Glossary
- Document revision history
- Copyright
Extensible Authentication Protocol (EAP) MDM settings for Apple devices
You can configure the various EAP protocols for Apple devices enrolled in a mobile device management (MDM) solution. MDM solutions can support the following 802.1X authentication methods for WPA Enterprise and WPA2 Enterprise networks (You can select multiple EAP methods):
TLS
TTLS (MSCHAPv2)
EAP-FAST
EAP-SIM
PEAP (EAP-MSCHAPv2, the most common form of PEAP)
PEAP (EAP-GTC, less common and created by Cisco)
EAP-AKA (requires no additional configuration)
The tables that follow describe the settings for each EAP method.
TLS
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Account user name | The user’s name. | Yes | |||||||||
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes | |||||||||
TLS version support | Select the minimum and maximum TLS versions:
| No |
TTLS
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Account user name | The user name for the connection to the network. | Yes | |||||||||
Account password | The password associated with the user name. | Yes | |||||||||
Identity certificate | The certificate payload used to authorize connections to the network. | Yes | |||||||||
Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No | |||||||||
Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No | |||||||||
Inner authentication | The authentication protocol to be used:
| Yes | |||||||||
Outer identity | Add the externally visible identification. | No | |||||||||
TLS version support | Select the minimum and maximum TLS versions:
| No |
EAP-FAST
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Account user name | The user name for the connection to the network. | Yes | |||||||||
Account password | The password associated with the user name. | Yes | |||||||||
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes | |||||||||
Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No | |||||||||
Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No | |||||||||
Outer identity | Add the externally visible identification. | No | |||||||||
TLS version support | Select the minimum and maximum TLS versions:
| No | |||||||||
Protected Access Credential (PAC) support | Specify whether to use PAC. If selected, the other options are:
| No |
EAP-SIM
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Two RANDs | Select to allow authentication to the network server by providing only two 128-bit random values. | No |
PEAP
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Account user name | The user name for the connection to the network. | Yes | |||||||||
Account password | The password associated with the user name. | Yes | |||||||||
Identity certificate | The Certificates payload used to authorize connections to the network. | Yes | |||||||||
Two Factor Authentication (2FA) | Requires Two Factor Authentication to connect to the network. | No | |||||||||
Use directory authentication | Select to allow the credentials for the directory login to be used for authentication. | No | |||||||||
Outer identity | Add the externally visible identification. | No | |||||||||
TLS version support | Select the minimum and maximum TLS versions:
| No |
Note: Each MDM vendor implements these settings differently. To learn how various TLS, TTLS, EAP-FAST, EAP-SIM, and PEAP protocol settings are applied to your devices, consult your MDM vendor’s documentation.